SlideShare uma empresa Scribd logo

Grails Jasypt Encryption Plugin

T
Ted Naleid

The Jasypt Encryption plugin for Grails allows field level encryption in your database. It's integrated into GORM/Hibernate for ease of use. It can also be extended to encrypt any type of information you store in your database.

Tecnologia
1 de 39
Baixar para ler offline
Grails Jasypt Encryption by Ted Naleid
Who am I?
Overview What is it? Why did we need it? Advantages Limitations How is it used?
What Is It?
grails plugin that integrates strong encryption into GORM
allows field-level encryption on any domain object or field type
import com.bloomhealthco.jasypt .GormEncryptedStringType integrated into class Member { String name String ssn domain objects static mapping = { ssn type: GormEncryptedStringType } }
built on Jasypt Simplified Encryption framework
Jasypt leverages Java Cryptography Extensions (JCE)
Bouncy Castle JCE provider jar included (you can still use any JCE compatible encryptors you want)
Why did we need it?
constant automated hacking attempts happen on every computer on the public internet
cloud computing potentially adds security weak points
if you have users, you have data to protect social security numbers medical claims/PHI credit card numbers birth dates security question answers
full disk encryption has many drawbacks and limitations
field level encryption lets you protect the sensitive things – everything else is at full speed
don’t need to outrun the bear
advantages
encrypt only what you need to
strongly protects info even if your database gets rooted or someone steals a database dump
painless integration into your domain
Limitations
encrypted fields take up extra space in database
import com.bloomhealthco.jasypt .GormEncryptedStringType class Member { currently need to String name String ssn static mapping = { use two grails } ssn type: GormEncryptedStringType validators static constraints = { ssn( matches: '^d{3}-d{2}-d{4}$', maxSize: 44 // unencrypted 11 ) } }
breaks using field in WHERE clause (so dynamic finders for this field don’t work)
How is it used?
how do I install it? grails install-plugin jasypt-encryption
how do I configure it? // add to Config.groovy or external config file jasypt { algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC" providerName = "BC" password = "<my super secret passphrase>" keyObtentionIterations = 1000 }
what encryption does Java allow by default? % cat default_local.policy // Some countries have import limits on crypto strength. This policy file is worldwide importable. grant { permission javax.crypto.CryptoPermission "DES", 64; permission javax.crypto.CryptoPermission "DESede", *; permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128; permission javax.crypto.CryptoPermission "RC4", 128; permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *; permission javax.crypto.CryptoPermission "RSA", *; permission javax.crypto.CryptoPermission *, 128; };
what you actually want (download “unlimited” crypto jar from Sun^wOracle) % cat default_local.policy // Country-specific policy file for countries with no limits on crypto strength. grant { // There is no restriction to any algorithms. permission javax.crypto.CryptoAllPermission; };
after that, it’s easy import com.bloomhealthco.jasypt.GormEncryptedStringType class Member { String name String ssn static mapping = { ! ssn type: GormEncryptedStringType } }
all encrypted values stored as strings in the database
java.lang.String supported out of the box
just implement 3 methods encrypt your protected Object convertToObject(String) own objects protected String convertToString(Object) public Class returnedClass()
create your own GORM encrypted type import org.jasypt.hibernate.type.AbstractGormEncryptedStringType public class GormEncryptedMyObjectType extends AbstractGormEncryptedStringType { protected Object convertToObject(String string) { new MyObject(string) } protected String convertToString(Object object) { MyObject.toString() } public Class returnedClass() { MyObject } }
then use it in your mapping class Foo { MyClass value static mapping = { ! value type: GormEncryptedMyObjectType } }
Quick Demo
Links Grails Jasypt Plugin http://bitbucket.org/tednaleid/grails-jasypt/wiki Jasypt http://www.jasypt.org/ Bouncy Castle (AES) http://www.bouncycastle.org/java.html Unlimited Strength Jars http://www.oracle.com/technetwork/java/javase/downloads/index.html (under “other”)
Questions?

Recomendados

Java物件導向
Java物件導向Java物件導向
Java物件導向
艾鍗科技
 
Intro to Erlang
Intro to ErlangIntro to Erlang
Intro to Erlang
Ken Pratt
 
hbaseconasia2017: HBase Practice At XiaoMi
hbaseconasia2017: HBase Practice At XiaoMihbaseconasia2017: HBase Practice At XiaoMi
hbaseconasia2017: HBase Practice At XiaoMi
HBaseCon
 
Introduction to the LLVM Compiler System
Introduction to the LLVM Compiler SystemIntroduction to the LLVM Compiler System
Introduction to the LLVM Compiler System
zionsaint
 
Ch 5: Introduction to heap overflows
Ch 5: Introduction to heap overflowsCh 5: Introduction to heap overflows
Ch 5: Introduction to heap overflows
Sam Bowne
 
Chap05
Chap05Chap05
Chap05
Terry Yoast
 
Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)
Rainer Gerhards
 
Seastore: Next Generation Backing Store for Ceph
Seastore: Next Generation Backing Store for CephSeastore: Next Generation Backing Store for Ceph
Seastore: Next Generation Backing Store for Ceph
ScyllaDB
 

Recomendados

Java物件導向
Java物件導向Java物件導向
Java物件導向
艾鍗科技
 
Intro to Erlang
Intro to ErlangIntro to Erlang
Intro to Erlang
Ken Pratt
 
hbaseconasia2017: HBase Practice At XiaoMi
hbaseconasia2017: HBase Practice At XiaoMihbaseconasia2017: HBase Practice At XiaoMi
hbaseconasia2017: HBase Practice At XiaoMi
HBaseCon
 
Introduction to the LLVM Compiler System
Introduction to the LLVM Compiler SystemIntroduction to the LLVM Compiler System
Introduction to the LLVM Compiler System
zionsaint
 
Ch 5: Introduction to heap overflows
Ch 5: Introduction to heap overflowsCh 5: Introduction to heap overflows
Ch 5: Introduction to heap overflows
Sam Bowne
 
Chap05
Chap05Chap05
Chap05
Terry Yoast
 
Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)
Rainer Gerhards
 
Seastore: Next Generation Backing Store for Ceph
Seastore: Next Generation Backing Store for CephSeastore: Next Generation Backing Store for Ceph
Seastore: Next Generation Backing Store for Ceph
ScyllaDB
 
Typed Properties and more: What's coming in PHP 7.4?
Typed Properties and more: What's coming in PHP 7.4?Typed Properties and more: What's coming in PHP 7.4?
Typed Properties and more: What's coming in PHP 7.4?
Nikita Popov
 
Mongodb - Scaling write performance
Mongodb - Scaling write performanceMongodb - Scaling write performance
Mongodb - Scaling write performance
Daum DNA
 
Exception handling
Exception handlingException handling
Exception handling
Ravi Sharda
 
CNIT 126 6: Recognizing C Code Constructs in Assembly
CNIT 126 6: Recognizing C Code Constructs in Assembly CNIT 126 6: Recognizing C Code Constructs in Assembly
CNIT 126 6: Recognizing C Code Constructs in Assembly
Sam Bowne
 
Accelerating query processing with materialized views in Apache Hive
Accelerating query processing with materialized views in Apache HiveAccelerating query processing with materialized views in Apache Hive
Accelerating query processing with materialized views in Apache Hive
DataWorks Summit
 
Kernel Recipes 2017 - Overview of Generic PM Domains (genpd) - Kevin Hilman
Kernel Recipes 2017 - Overview of Generic PM Domains (genpd) - Kevin HilmanKernel Recipes 2017 - Overview of Generic PM Domains (genpd) - Kevin Hilman
Kernel Recipes 2017 - Overview of Generic PM Domains (genpd) - Kevin Hilman
Anne Nicolas
 
SSD 개념 및 활용_Wh oracle
SSD 개념 및 활용_Wh oracleSSD 개념 및 활용_Wh oracle
SSD 개념 및 활용_Wh oracle
엑셈
 
OpenFOAMに実装したS-CLSVOF法検証(静止気泡のLaplace圧)
OpenFOAMに実装したS-CLSVOF法検証(静止気泡のLaplace圧)OpenFOAMに実装したS-CLSVOF法検証(静止気泡のLaplace圧)
OpenFOAMに実装したS-CLSVOF法検証(静止気泡のLaplace圧)
takuyayamamoto1800
 
搞懂Java例外處理的難題:Checked與Unchecked Exceptions不再是問題
搞懂Java例外處理的難題:Checked與Unchecked Exceptions不再是問題搞懂Java例外處理的難題:Checked與Unchecked Exceptions不再是問題
搞懂Java例外處理的難題:Checked與Unchecked Exceptions不再是問題
teddysoft
 
Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016
Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016
Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016
Christian Schneider
 
Practical Windows Kernel Exploitation
Practical Windows Kernel ExploitationPractical Windows Kernel Exploitation
Practical Windows Kernel Exploitation
zeroSteiner
 
Client Drivers and Cassandra, the Right Way
Client Drivers and Cassandra, the Right WayClient Drivers and Cassandra, the Right Way
Client Drivers and Cassandra, the Right Way
DataStax Academy
 
Sram interview questions and answers
Sram interview questions and answersSram interview questions and answers
Sram interview questions and answers
selinasimpson105
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
Matthew McCullough
 
Hardening cassandra q2_2016
Hardening cassandra q2_2016Hardening cassandra q2_2016
Hardening cassandra q2_2016
zznate
 
Securing Cassandra for Compliance
Securing Cassandra for ComplianceSecuring Cassandra for Compliance
Securing Cassandra for Compliance
DataStax
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?
Aleksandr Yampolskiy
 
Attacks against Microsoft network web clients
Attacks against Microsoft network web clients Attacks against Microsoft network web clients
Attacks against Microsoft network web clients
Positive Hack Days
 
Java Performance Tuning
Java Performance TuningJava Performance Tuning
Java Performance Tuning
Minh Hoang
 
Dynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency Planning
Sean Chittenden
 
From Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security EnhancementsFrom Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security Enhancements
Ana-Maria Mihalceanu
 
Linux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxLinux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium Sandbox
Patricia Aas
 

Mais conteúdo relacionado

Mais procurados

Mongodb - Scaling write performance
Mongodb - Scaling write performanceMongodb - Scaling write performance
Mongodb - Scaling write performance
Daum DNA
 
Exception handling
Exception handlingException handling
Exception handling
Ravi Sharda
 
Accelerating query processing with materialized views in Apache Hive
Accelerating query processing with materialized views in Apache HiveAccelerating query processing with materialized views in Apache Hive
Accelerating query processing with materialized views in Apache Hive
DataWorks Summit
 
Kernel Recipes 2017 - Overview of Generic PM Domains (genpd) - Kevin Hilman
Kernel Recipes 2017 - Overview of Generic PM Domains (genpd) - Kevin HilmanKernel Recipes 2017 - Overview of Generic PM Domains (genpd) - Kevin Hilman
Kernel Recipes 2017 - Overview of Generic PM Domains (genpd) - Kevin Hilman
Anne Nicolas
 
OpenFOAMに実装したS-CLSVOF法検証(静止気泡のLaplace圧)
OpenFOAMに実装したS-CLSVOF法検証(静止気泡のLaplace圧)OpenFOAMに実装したS-CLSVOF法検証(静止気泡のLaplace圧)
OpenFOAMに実装したS-CLSVOF法検証(静止気泡のLaplace圧)
takuyayamamoto1800
 
Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016
Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016
Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016
Christian Schneider
 
Sram interview questions and answers
Sram interview questions and answersSram interview questions and answers
Sram interview questions and answers
selinasimpson105
 

Mais procurados (13)

Typed Properties and more: What's coming in PHP 7.4?
Typed Properties and more: What's coming in PHP 7.4?Typed Properties and more: What's coming in PHP 7.4?
Typed Properties and more: What's coming in PHP 7.4?
 
Mongodb - Scaling write performance
Mongodb - Scaling write performanceMongodb - Scaling write performance
Mongodb - Scaling write performance
 
Exception handling
Exception handlingException handling
Exception handling
 
CNIT 126 6: Recognizing C Code Constructs in Assembly
CNIT 126 6: Recognizing C Code Constructs in Assembly CNIT 126 6: Recognizing C Code Constructs in Assembly
CNIT 126 6: Recognizing C Code Constructs in Assembly
 
Accelerating query processing with materialized views in Apache Hive
Accelerating query processing with materialized views in Apache HiveAccelerating query processing with materialized views in Apache Hive
Accelerating query processing with materialized views in Apache Hive
 
Kernel Recipes 2017 - Overview of Generic PM Domains (genpd) - Kevin Hilman
Kernel Recipes 2017 - Overview of Generic PM Domains (genpd) - Kevin HilmanKernel Recipes 2017 - Overview of Generic PM Domains (genpd) - Kevin Hilman
Kernel Recipes 2017 - Overview of Generic PM Domains (genpd) - Kevin Hilman
 
SSD 개념 및 활용_Wh oracle
SSD 개념 및 활용_Wh oracleSSD 개념 및 활용_Wh oracle
SSD 개념 및 활용_Wh oracle
 
OpenFOAMに実装したS-CLSVOF法検証(静止気泡のLaplace圧)
OpenFOAMに実装したS-CLSVOF法検証(静止気泡のLaplace圧)OpenFOAMに実装したS-CLSVOF法検証(静止気泡のLaplace圧)
OpenFOAMに実装したS-CLSVOF法検証(静止気泡のLaplace圧)
 
搞懂Java例外處理的難題:Checked與Unchecked Exceptions不再是問題
搞懂Java例外處理的難題:Checked與Unchecked Exceptions不再是問題搞懂Java例外處理的難題:Checked與Unchecked Exceptions不再是問題
搞懂Java例外處理的難題:Checked與Unchecked Exceptions不再是問題
 
Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016
Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016
Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016
 
Practical Windows Kernel Exploitation
Practical Windows Kernel ExploitationPractical Windows Kernel Exploitation
Practical Windows Kernel Exploitation
 
Client Drivers and Cassandra, the Right Way
Client Drivers and Cassandra, the Right WayClient Drivers and Cassandra, the Right Way
Client Drivers and Cassandra, the Right Way
 
Sram interview questions and answers
Sram interview questions and answersSram interview questions and answers
Sram interview questions and answers
 

Semelhante a Grails Jasypt Encryption Plugin

Attacks against Microsoft network web clients
Attacks against Microsoft network web clients Attacks against Microsoft network web clients
Attacks against Microsoft network web clients
Positive Hack Days
 
Security In .Net Framework
Security In .Net FrameworkSecurity In .Net Framework
Security In .Net Framework
Ramakanta Behera
 
App Grid Dev With Coherence
App Grid Dev With CoherenceApp Grid Dev With Coherence
App Grid Dev With Coherence
James Bayer
 

Semelhante a Grails Jasypt Encryption Plugin (20)

Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
 
Hardening cassandra q2_2016
Hardening cassandra q2_2016Hardening cassandra q2_2016
Hardening cassandra q2_2016
 
Securing Cassandra for Compliance
Securing Cassandra for ComplianceSecuring Cassandra for Compliance
Securing Cassandra for Compliance
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?
 
Attacks against Microsoft network web clients
Attacks against Microsoft network web clients Attacks against Microsoft network web clients
Attacks against Microsoft network web clients
 
Java Performance Tuning
Java Performance TuningJava Performance Tuning
Java Performance Tuning
 
Dynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency Planning
 
From Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security EnhancementsFrom Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security Enhancements
 
Linux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxLinux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium Sandbox
 
JavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developersJavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developers
 
Web application security and Python security best practices
Web application security and Python security best practicesWeb application security and Python security best practices
Web application security and Python security best practices
 
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchaginstackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
 
Security In .Net Framework
Security In .Net FrameworkSecurity In .Net Framework
Security In .Net Framework
 
App Grid Dev With Coherence
App Grid Dev With CoherenceApp Grid Dev With Coherence
App Grid Dev With Coherence
 
Application Grid Dev with Coherence
Application Grid Dev with CoherenceApplication Grid Dev with Coherence
Application Grid Dev with Coherence
 
App Grid Dev With Coherence
App Grid Dev With CoherenceApp Grid Dev With Coherence
App Grid Dev With Coherence
 
Develop your next app with kotlin @ AndroidMakersFr 2017
Develop your next app with kotlin @ AndroidMakersFr 2017Develop your next app with kotlin @ AndroidMakersFr 2017
Develop your next app with kotlin @ AndroidMakersFr 2017
 
Parceable serializable
Parceable serializableParceable serializable
Parceable serializable
 
Hazelcast
HazelcastHazelcast
Hazelcast
 
Cloud native java script apps
Cloud native java script appsCloud native java script apps
Cloud native java script apps
 

Último

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 

Último (20)

Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

Grails Jasypt Encryption Plugin

  • 1. Grails Jasypt Encryption by Ted Naleid
  • 3. Overview What is it? Why did we need it? Advantages Limitations How is it used?
  • 5. grails plugin that integrates strong encryption into GORM
  • 6. allows field-level encryption on any domain object or field type
  • 7. import com.bloomhealthco.jasypt .GormEncryptedStringType integrated into class Member { String name String ssn domain objects static mapping = { ssn type: GormEncryptedStringType } }
  • 8. built on Jasypt Simplified Encryption framework
  • 9. Jasypt leverages Java Cryptography Extensions (JCE)
  • 10. Bouncy Castle JCE provider jar included (you can still use any JCE compatible encryptors you want)
  • 11. Why did we need it?
  • 12. constant automated hacking attempts happen on every computer on the public internet
  • 13. cloud computing potentially adds security weak points
  • 14. if you have users, you have data to protect social security numbers medical claims/PHI credit card numbers birth dates security question answers
  • 15. full disk encryption has many drawbacks and limitations
  • 16. field level encryption lets you protect the sensitive things – everything else is at full speed
  • 17. don’t need to outrun the bear
  • 19. encrypt only what you need to
  • 20. strongly protects info even if your database gets rooted or someone steals a database dump
  • 23. encrypted fields take up extra space in database
  • 24. import com.bloomhealthco.jasypt .GormEncryptedStringType class Member { currently need to String name String ssn static mapping = { use two grails } ssn type: GormEncryptedStringType validators static constraints = { ssn( matches: '^d{3}-d{2}-d{4}$', maxSize: 44 // unencrypted 11 ) } }
  • 25. breaks using field in WHERE clause (so dynamic finders for this field don’t work)
  • 26. How is it used?
  • 27. how do I install it? grails install-plugin jasypt-encryption
  • 28. how do I configure it? // add to Config.groovy or external config file jasypt { algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC" providerName = "BC" password = "<my super secret passphrase>" keyObtentionIterations = 1000 }
  • 29. what encryption does Java allow by default? % cat default_local.policy // Some countries have import limits on crypto strength. This policy file is worldwide importable. grant { permission javax.crypto.CryptoPermission "DES", 64; permission javax.crypto.CryptoPermission "DESede", *; permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128; permission javax.crypto.CryptoPermission "RC4", 128; permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *; permission javax.crypto.CryptoPermission "RSA", *; permission javax.crypto.CryptoPermission *, 128; };
  • 30. what you actually want (download “unlimited” crypto jar from Sun^wOracle) % cat default_local.policy // Country-specific policy file for countries with no limits on crypto strength. grant { // There is no restriction to any algorithms. permission javax.crypto.CryptoAllPermission; };
  • 31. after that, it’s easy import com.bloomhealthco.jasypt.GormEncryptedStringType class Member { String name String ssn static mapping = { ! ssn type: GormEncryptedStringType } }
  • 32. all encrypted values stored as strings in the database
  • 33. java.lang.String supported out of the box
  • 34. just implement 3 methods encrypt your protected Object convertToObject(String) own objects protected String convertToString(Object) public Class returnedClass()
  • 35. create your own GORM encrypted type import org.jasypt.hibernate.type.AbstractGormEncryptedStringType public class GormEncryptedMyObjectType extends AbstractGormEncryptedStringType { protected Object convertToObject(String string) { new MyObject(string) } protected String convertToString(Object object) { MyObject.toString() } public Class returnedClass() { MyObject } }
  • 36. then use it in your mapping class Foo { MyClass value static mapping = { ! value type: GormEncryptedMyObjectType } }
  • 38. Links Grails Jasypt Plugin http://bitbucket.org/tednaleid/grails-jasypt/wiki Jasypt http://www.jasypt.org/ Bouncy Castle (AES) http://www.bouncycastle.org/java.html Unlimited Strength Jars http://www.oracle.com/technetwork/java/javase/downloads/index.html (under “other”)